Do you need a degree for working in cybersecurity?
Jarox
Member Posts: 2
I have been looking into the field of cybersecurity as a career path and because I'm still a highschool student I was wondering if I'd need a degree to work as a penetrtion tester for example or if there are more important qualification's or alternatives.
Tagged:
Comments
-
Elitis Member Posts: 50 ■■■□□□□□□□You can generally get by in Cybersecurity and IT without a degree up until you're about to hit management. And by "get by", I mean spend a few years working your way up the food chain. That said, a lot of people usually get into Cybersecurity after some time in IT. I've heard of people going straight into it by utilizing internships while in school, so that may be a path available as well. As for Pentesting, there are very few exceptions here (and for good reason). The most typical path is usually a few years of IT (including Help Desk) and then a few years doing blue team work. You may be able to go from IT (beyond help desk) directly into a pentesting role, but this isn't extremely common.
-
JDMurray Admin Posts: 13,099 AdminPentesting is one of the InfoSec fields where you are often looked down upon by other pentesters if you have degrees or certs. You find a lot of very smart, creative, and obsessive people who can't hack academics being attracted to pentesting and forming mainstream-education-hating cliques. You see these people en masse at security conferences like DEF CON. They value what you can say and do and have achieved over what paper you have hanging on your cubical wall. You just need to hope the managers that hire pentesters think the same way.
-
TechGromit Member Posts: 2,156 ■■■■■■■■■□In my opinion some good Certifications will get you a a lot more mileage then a four year degree. College tuition at a 4 year in-state public college is around 11k a year, that's 44k over four years. At this time, each SANS course and certification is $7,800, So say if you had a GCIH, GPEN and GXPN, the cost would be $23,400, I say that would get you a lot more attention on a resume than a college degree with no certifications. (Assuming no experience for both candidates). In theory you could obtain all three certification in under a year. Also note that a GXPM is a 600 level course, very difficult exam to pass.
Still searching for the corner in a round room. -
Elitis Member Posts: 50 ■■■□□□□□□□JDMurray said:Pentesting is one of the InfoSec fields where you are often looked down upon by other pentesters if you have degrees or certs. You find a lot of very smart, creative, and obsessive people who can't hack academics being attracted to pentesting and forming mainstream-education-hating cliques. You see these people en masse at security conferences like DEF CON. They value what you can say and do and have achieved over what paper you have hanging on your cubical wall. You just need to hope the managers that hire pentesters think the same way.
-
changlinn Member Posts: 42 ■■■□□□□□□□Second what TechGromit said. I am a hiring manager, and have hired plenty of Analysts, admins and recent a penetration tester. The pentester did have a degree, but that wasn't the reason he got the job, it was his OSCP, and active research and extra-curricular training. Most of the Analysts I've hired had degrees, but then again they also had other demonstrated experience and hobbies. I hired internally an analyst recently with no degree, and very little professional experience, but as he was internal we knew about him entering CTF's and the lab he had at home. The problem is often getting past HR or recruiters. For this more often than not, certs are enough except for management and exec levels.
I also had a couple of interns from Masters programs around the place, almost all of them haven't been as good as the recent analyst with no degree.
A+, C|EH, CISSP, CISM, CRISC, GSTRT, MCSA:Messaging, MCSE:Security
"Brain does not meet certification requirements, please install more certifications" Me
Currently Studying: Cyber Security masters and ISC2 CCSP.
Security blog; http://security.morganstorey.com -
YarB Member Posts: 11 ■■■□□□□□□□Actually, there are many experienced specialists without a degree in the IT-sphere, but they just get weeded out during the application process. It's a competition. Why would a manager hire a person who didn’t bother to go to college when other applicants did? That's why a lot of young inexperienced people work for big companies and get a good salary. This is how it works. If you have the possibility to receive the diploma, it is better to do this. But it's only my opinion.
-
E Double U Member Posts: 2,237 ■■■■■■■■■■I have been in Information Security since 2012 and every org I have worked for listed a bachelors as a minimum in the requirements. Not that you need a degree to actually do the job though :-)Alphabet soup from (ISC)2, ISACA, GIAC, EC-Council, Microsoft, ITIL, Cisco, Scrum, CompTIA, AWS
-
beads Member Posts: 1,533 ■■■■■■■■■□We just hired a new pentester for less than $40,000 with certs and education. This person gets to push prewritten scripts all day. Hardly exciting work.As for the degree and Information Security, cyber being but a small part of security as a whole. You will spend more and more time doing research, writing papers, presentations and memos than just skill based technology. Skills are important but the soft skills: communicating, writing, persuasion, risk analysis and other business skills are also becoming more and more critical to business. This is where a degree is far more important in the long run than certs. Sorry cert lovers but certification doesn't mean what it used to say 10 years ago when I first started an account on the original TechExams board. Today, we can safely say too many exams are dumped or hacked to strictly be taken seriously.Management in IT is a dying role as well. I see fewer 'managers' but lots of team lead roles reporting to Director level positions. My current consultation has zero managers with everyone, some 450 people, reporting to one director. I see this as being much more common in the future.In the long run, get your degree or work an entry level job the rest of your career.
-
TechGromit Member Posts: 2,156 ■■■■■■■■■□YarB said:Actually, there are many experienced specialists without a degree in the IT-sphere, but they just get weeded out during the application process. It's a competition. Why would a manager hire a person who didn’t bother to go to college when other applicants did?
Still searching for the corner in a round room. -
TechGromit Member Posts: 2,156 ■■■■■■■■■□E Double U said:I have been in Information Security since 2012 and every org I have worked for listed a bachelors as a minimum in the requirements.
Still searching for the corner in a round room. -
E Double U Member Posts: 2,237 ■■■■■■■■■■beads said:Management in IT is a dying role as well. I see fewer 'managers' but lots of team lead roles reporting to Director level positions. My current consultation has zero managers with everyone, some 450 people, reporting to one director. I see this as being much more common in the future.Alphabet soup from (ISC)2, ISACA, GIAC, EC-Council, Microsoft, ITIL, Cisco, Scrum, CompTIA, AWS